The Leak

At the core of the controversy is one of the meeting’s major issues: Deep packet inspection (or DPI) technology, a Web surveillance tool.

Australian journalist Asher Wolf claims she got a hold of alleged “secret documents” on DPI (providing a road map for how to regulate sites like BitTorrent) via the ITU’s Toby Johnson. She says Johnson emailed her and asked her not to publish the unedited documents. But she did anyway.

In a comment to ReadWrite, Wolf said she never claimed the documents were leaked. “It was the media who used that word,” she explained.

Wolf says the material was already available online in draft form, and criticized the media for not bothering “to ask for copies of relevant documents before the ITU’s DPI recommendations were ratified.”

“Regardless whether the document is considered ‘leaked’ or not, I think the reaction to the publication of the document suggests there’s a disconnect when it comes to internet policy, media coverage and public awareness,” Wolf said.

The ITU’s Johnson also denied that the documents were leaked, first on Twitter then in a private email exchange.

Johnson says the documents are unedited material, and not secret. Here’s the ITU’s rationale for DPI use, which strangely enough, was written in response to the Center for Democracy and Technology‘s publication on Wednesday of the ITU adopting a new international DPI technological standard.

Johnson says the documents in question, which can be found via a search on the ITU site (Y.2770), will be published in the coming weeks with minor editorial changes.

“I sent a pre-published version of the standard in question (Y.2770) to a journalist/activist that had expressed an interest,” Johnson said. “Pre-published means that it’s available only to members while some final editing is done. It is by no means a secret document. It’s just subject to some final tweaks before being published. I’d rather she hadn’t published it in that form but it’s no big deal.”

But despite Johnson’s candor, it is a big deal. Why? Because this back and forth hints at a lack of openness between the ITU and the outside world. And if the nonprofit CDT’s reporting is correct, that means that the DPI standard was adopted before the conference.

“DPI technologies are nothing new of course,” Johnson wrote in email response. “The proposal to standardize comes from our members (mostly private sector) and is a way of making it easier for manufacturers to take into account these requirements.”

At this point, it’s still not clear why Johnson would send unedited material, but what is clear is how fast the finger pointing and ownership of the messaging of this conference and this gaffe is coming into play. The overall rhetoric from the ITU is that it’s here to better the Internet community. But the Web isn’t buying it.

“The whole question of whether the document was leaked or not kind of implies that the process isn’t as open as it might be,” says Jim Fenton, chief security officer of digital identity service OneID, and formerly of Cisco Systems.

Fenton says while the content of the documents themselves aren’t that surprising, the lack of transparency between the public and the ITU is worrisome.

In other words, PR missteps and poor timing are bringing to the forefront questionable ITU behavior, even if the material it did send was in fact public – or at least soon to become so.

The Hack

And then there’s the hack. On Wednesday, the ITU’s site was knocked off-line for two hours, allegedly by members of the Anonymous collective, allegedly in response to the DPI standard‘s shady introduction.

Anonymous released this video aptly titled: “Keep our Internet free!”

The ITU released this statement in response, ironically detailing that while some delegates were frustrated at being unable to access online documents, “a spirit of camaraderie prevailed, with those who had access to up-to-date online versions of the texts willingly sharing with other delegates in order to keep discussions moving forward.”

If anything, though, this move could backfire on the hackers responsible, giving the conference additional credence and legitimacy to push for more cybersecurity.

Whatever happens long term, the world is watching and waiting as the story develops. We’re still at the halfway point of the conference, which concludes Friday, December 14. And no matter what the delegation decides, it will then be up to individual governments to approve or reject any decisions.

Let’s just hope they make the right choices…because in the name of security, the wild and wooly Internet we know and love could go the heavily regulated route of radio and television. And it would never be the same again.

Related Posts

Earlier this month we noticed PRManna climbing up the Hacker News front page and reached out to the creator for an interview. Ryan Waggoner started PRManna in his spare time and was open in saying that the project was inspired by Peter Shankman’s Help a Reporter Out. The difference between PRManna and HARO is that Waggoner’s product was…

The new Google Now feature unveiled this week at the Google I/O developers conference is designed to automatically present the information you need – even before you ask for it. The impressive results cover everything from helping you get to work to which sports teams you like – but they are possible only because Google knows so much about you. The…

Last week, I attended the Internet Identity Workshop. As an attendee with less exposure to the user centric identity, an early session provided an great overview of how the pieces fit together. This is a regular topic at the IIW and I’m sure the community will continue collaborating online at the Identity Commons wiki page. However, the image…

I’m really enjoying writing my series on international Web apps and I’ve gotten some great feedback that others are enjoying it too. The previous post about Russian Web apps has gotten the most interest so far, including from some people in Russia who took issue with it. The comments on my post are informative, but also Alexey Andreyev wrote an…